
COE Security Software Requirements Specification
Copyright © 2003 The Open Group

Availability

3.2.4.1
The COE Platform implementation shall be capable of detecting the failure of a system service or resource.

Minimally satisfied by POST on boot.

3.2.4.1.2
The COE Platform implementation shall provide the following capabilities to notify a trusted user:

3.2.4.2
Upon recovery of a failed system resource, the COE Platform implementation shall verify that it returns in a secure state.

Minimally satisfied by POST on boot.

3.2.4.2.1
Upon recovery of a failed system resource, the COE Platform implementation shall provide the capability to determine whether file systems are intact.

Minimally satisfied by the fsck utility or equivalent.

3.2.4.2.2
Upon recovery of a failed system resource, the COE Platform implementation shall provide the capability to determine whether access control permissions are unchanged from the state prior to the failure.

Minimally satisfied by the Tripwire[1] tool. The supplier may propose an equivalent for review.

3.2.4.2.3
Upon recovery of a failed system resource, the COE Platform implementation shall ensure that user privileges have not increased.

Minimally satisfied by the Tripwire tool. The supplier may propose an equivalent for review.
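The kind of check requirements 3.2.4.2.2 and 3.2.4.2.3 call for can be illustrated with a baseline-and-compare sketch. This is an added example, not part of the specification and not Tripwire itself; the function names and the sample file name are hypothetical, and "privilege increase" is assumed here to mean a newly gained setuid, setgid or world-writable bit.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Record mode, owner, group and SHA-256 of every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = {
                "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                "gid": st.st_gid, "sha256": digest}
    return state

def compare(before, after):
    """Return (path, finding) tuples for every difference from the baseline."""
    risky = stat.S_ISUID | stat.S_ISGID | stat.S_IWOTH
    findings = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "removed"))
            continue
        if old["sha256"] != new["sha256"]:
            findings.append((path, "content changed"))
        if (old["uid"], old["gid"]) != (new["uid"], new["gid"]):
            findings.append((path, "owner changed"))
        if old["mode"] != new["mode"]:
            findings.append((path, "mode %04o -> %04o" % (old["mode"], new["mode"])))
            if new["mode"] & ~old["mode"] & risky:   # newly gained risky bits
                findings.append((path, "privilege increase"))
    return findings

def demo():  # constructed sample: baseline a temp tree, then simulate drift
    root = tempfile.mkdtemp()
    path = os.path.join(root, "svc.conf")        # hypothetical file name
    with open(path, "w") as fh:
        fh.write("listen=no\n")
    os.chmod(path, 0o644)
    baseline = snapshot(root)                    # taken before the failure
    os.chmod(path, 0o666)                        # drift: now world-writable
    return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline must be stored where the recovering system cannot modify it, otherwise the comparison proves nothing about the pre-failure state.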

3.2.4.3
The COE Platform implementation shall provide the capability for a trusted user to selectively revoke a user's access to services.

Minimally satisfied by the combination of TCPwrapper[2] and DAC.

3.2.4.3.1
The COE Platform implementation shall provide the capability to kill or halt a user's process(es).

3.2.4.4
The COE Platform implementation shall provide the capability to perform system and database backups.

System Backup/Restore capability required. The supplier must identify a solution for review.

3.2.4.4.1
The COE Platform implementation shall provide the capability to scan for viruses during backup operations.

Virus Scan capability required. The supplier must identify a solution for review.

3.2.4.5
The COE Platform implementation shall provide the capability to recover from failures using system and database backups.

System Backup/Restore capability required. The supplier must identify a solution for review.


Footnotes

1. Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, and so on. Refer to Tripwire, Inc. at www.tripwire.com and www.tripwire.org for the commercial and Open Source versions of the Tripwire tool.

2. TCPwrapper is the common name for Wietse Venema's tcpd. It gives a system administrator the ability to block and/or log access attempts via TCP. This provides an additional level of protection inside a firewall and increases the granularity of security to the system level, without having to control the firewall. See ftp://ftp.porcupine.org/pub/security/index.html.
